The Driving Forces For GRC

These days, businesses are becoming increasingly conscious of the importance of governance, risk, and compliance (GRC). However, it is still a challenge for organizations to pinpoint why and how they can successfully integrate an information security and compliance program into their routine business operations. Here are the driving forces for GRC that will allow your everyday business practices to contribute to managing risks, achieving compliance, and growing your organization. Sales: Today the most important driver in any modern technology organization is still sales. Many organizations, regardless of industry, require verification and certification against specific security Read more…

Product Update | July 2021

For this update, we have built several new features to increase user accessibility, improve system visibility, and make our forms and questionnaires increasingly useful across new use cases. Working towards a seamless data collection and user management experience, below is an overview of what’s included in our July update: Collaborator Portal Policy Management Updates Self-Serving Read more…

Managing Third-Party Risk in Healthcare

For many industries, it has become commonplace for services to be outsourced to external organizations, and healthcare is no exception. While this process can be significantly more efficient, this support mechanism entails additional third-party risks which even the most vigilant company cannot always account for. Whether tasked with managing third-party risk in smaller healthcare facilities or expansive hospitals and research centers, IT Read more…

Monitoring Efficacy & Continuous Improvement

Documenting Continuous Improvements Clause 10 of ISO 27001 requires a process to “continually improve the suitability, adequacy, and effectiveness of the information security management system.” The best way to comply with this obligation is to document your Continuous Improvement Process. Opportunities for improvement can come from a variety of sources, both internal and external: Client Read more…

ISO 27001 – Security Training & Awareness

Security training and awareness provides formal cybersecurity education to the workforce. The idea is to focus on security threats of your internal and external environment and to support individual capabilities as part of everyone’s role in the company. Having received the go-ahead from management for your ISO project, you have defined the scope of your Read more…

ISO 27001 – Defining Controls

Annex A of ISO 27001 is one of the most widely known lists of requirements of all the ISO standards. It provides companies with a structured checklist to define controls for their information security management system (ISMS) and to mitigate their cyber-related risks. In the previous article, we covered the necessary steps of identifying, evaluating, and treating risks around an organization’s information assets. The risk management process addresses uncertainties Read more…

StandardFusion Named Best Compliance & GRC Software of 2021 in Independent Research

Digital.com, a leading independent review website for small business online tools, products, and services, has named StandardFusion among the Best Compliance Management Systems of 2021 and Best GRC Software of 2021 in independent research to help businesses better manage their Governance, Risk, and Compliance. Digital.com’s research team conducted a 40-hour assessment of over 70 solutions Read more…

ISO 27001 – Risk Management

There are many ways to approach risk management. When it comes to implementing an ISO 27001 compliant information security management system, controls are deployed using a risk-based approach. All the topics discussed in the first half of our guide, from the mandatory standard clauses to stakeholder communication, are directly linked to risk management. In part Read more…

ISO 27001 – Mandatory Clauses

Developing an ISO 27001 compliant Information Security Management System (ISMS) requires a highly planned and coordinated approach. To help you lay the groundwork of your system, we previously covered the core activities required when planning the implementation of a cohesive ISMS, including leadership support, project scope, and the Statement of Applicability. Now we are ready Read more…